/**
  * Create new ILIAS account
  *
  * @access public
  * 
  * @param string $a_username external username
  */
 public function create($a_username)
 {
     // Provisions a local ILIAS account for an externally authenticated Radius user:
     // writes a one-user import document, hands it to ilUserImportParser and
     // returns the login name generated for the new account.
     $this->writer->xmlStartTag('Users');
     // Single users
     // Required fields
     // Create user
     $this->writer->xmlStartTag('User', array('Action' => 'Insert'));
     // The local login is derived from the external name; $new_name is kept for the return value.
     $this->writer->xmlElement('Login', array(), $new_name = ilAuthUtils::_generateLogin($a_username));
     // Assign to role only for new users
     // The role id is read from the Radius settings, so every auto-created account
     // receives whatever global role is configured there as default.
     $this->writer->xmlElement('Role', array('Id' => $this->rad_settings->getDefaultRole(), 'Type' => 'Global', 'Action' => 'Assign'), '');
     // The account is created active and with TimeLimitUnlimited = 1; From/Until are both "now".
     $this->writer->xmlElement('Active', array(), "true");
     // NOTE(review): 7 is used as time-limit owner here and as import folder id below —
     // presumably the user folder; confirm against the installation constants.
     $this->writer->xmlElement('TimeLimitOwner', array(), 7);
     $this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
     $this->writer->xmlElement('TimeLimitFrom', array(), time());
     $this->writer->xmlElement('TimeLimitUntil', array(), time());
     $this->writer->xmlElement('AuthMode', array('type' => 'radius'), 'radius');
     // The external name is stored unchanged as ExternalAccount.
     // NOTE(review): escaping of $a_username relies on the writer's xmlElement(), which is
     // not shown here — confirm it encodes element content.
     $this->writer->xmlElement('ExternalAccount', array(), $a_username);
     $this->writer->xmlEndTag('User');
     $this->writer->xmlEndTag('Users');
     // NOTE(review): the next line is damaged in this listing: the argument of the log call
     // was masked ("******") and the statement is fused with an include of
     // class.ilUserImportParser.php. As printed it is not valid PHP; restore it from the
     // upstream file before using this method.
     $this->log->write('Radius: Started creation of user: '******'./Services/User/classes/class.ilUserImportParser.php';
     $importParser = new ilUserImportParser();
     $importParser->setXMLContent($this->writer->xmlDumpMem(false));
     // Maps the default role id onto itself for the import.
     $importParser->setRoleAssignment(array($this->rad_settings->getDefaultRole() => $this->rad_settings->getDefaultRole()));
     $importParser->setFolderId(7);
     $importParser->startParsing();
     return $new_name;
 }
 /**
  * Create new ILIAS account
  *
  * @access public
  * 
  * @param string $a_username external username
  */
 public function create($a_username, $a_userdata = array())
 {
     // Provisions a local ILIAS account for an OpenID user: writes a one-user import
     // document from $a_username and the optional attributes in $a_userdata, hands it to
     // ilUserImportParser and returns the login name generated for the new account.
     $a_userdata = $this->parseFullname($a_userdata);
     $this->writer->xmlStartTag('Users');
     // Single users
     // Required fields
     // Create user
     $this->writer->xmlStartTag('User', array('Action' => 'Insert'));
     // The local login is derived from the external name; $new_name is kept for the return value.
     $this->writer->xmlElement('Login', array(), $new_name = ilAuthUtils::_generateLogin($a_username));
     // Assign to role only for new users
     // The role id is read from the settings object, so every auto-created account
     // receives whatever global role is configured there as default.
     $this->writer->xmlElement('Role', array('Id' => $this->settings->getDefaultRole(), 'Type' => 'Global', 'Action' => 'Assign'), '');
     // Optional profile attributes are copied into the import document only when present.
     // NOTE(review): none of these values is checked for format here (e-mail, date of
     // birth, gender); presumably ilUserImportParser validates them and the writer
     // encodes them — confirm both, since they originate from the identity provider.
     if (isset($a_userdata['email'])) {
         $this->writer->xmlElement('Email', array(), $a_userdata['email']);
     }
     if (isset($a_userdata['postcode'])) {
         $this->writer->xmlElement('PostalCode', array(), $a_userdata['postcode']);
     }
     // Birthday is written only for a set, non-empty value.
     if (isset($a_userdata['dob']) and $a_userdata['dob']) {
         $this->writer->xmlElement('Birthday', array(), $a_userdata['dob']);
     }
     if (isset($a_userdata['gender'])) {
         // Gender is lower-cased before it is written.
         $this->writer->xmlElement('Gender', array(), strtolower($a_userdata['gender']));
     }
     if (isset($a_userdata['title'])) {
         $this->writer->xmlElement('Title', array(), $a_userdata['title']);
     }
     if (isset($a_userdata['firstname'])) {
         $this->writer->xmlElement('Firstname', array(), $a_userdata['firstname']);
     }
     if (isset($a_userdata['lastname'])) {
         $this->writer->xmlElement('Lastname', array(), $a_userdata['lastname']);
     }
     // The account is created active and with TimeLimitUnlimited = 1; From/Until are both "now".
     $this->writer->xmlElement('Active', array(), "true");
     // NOTE(review): 7 is used as time-limit owner here and as import folder id below —
     // presumably the user folder; confirm against the installation constants.
     $this->writer->xmlElement('TimeLimitOwner', array(), 7);
     $this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
     $this->writer->xmlElement('TimeLimitFrom', array(), time());
     $this->writer->xmlElement('TimeLimitUntil', array(), time());
     $this->writer->xmlElement('AuthMode', array('type' => 'openid'), 'openid');
     // The external name is stored unchanged as ExternalAccount.
     $this->writer->xmlElement('ExternalAccount', array(), $a_username);
     $this->writer->xmlEndTag('User');
     $this->writer->xmlEndTag('Users');
     // NOTE(review): the next line is damaged in this listing: the argument of the log call
     // was masked ("******") and the statement is fused with an include of
     // class.ilUserImportParser.php. As printed it is not valid PHP; restore it from the
     // upstream file before using this method.
     $this->log->write('OpenId: Started creation of user: '******'./Services/User/classes/class.ilUserImportParser.php';
     $importParser = new ilUserImportParser();
     $importParser->setXMLContent($this->writer->xmlDumpMem(false));
     // Maps the default role id onto itself for the import.
     $importParser->setRoleAssignment(array($this->settings->getDefaultRole() => $this->settings->getDefaultRole()));
     $importParser->setFolderId(7);
     $importParser->startParsing();
     // Assign timezone
     // The supplied timezone is stored as a user preference only when it is a key of the
     // list returned by ilCalendarUtil::_getShortTimeZoneList(); other values are ignored.
     if (isset($a_userdata['timezone'])) {
         include_once './Services/Calendar/classes/class.ilCalendarUtil.php';
         $tzs = ilCalendarUtil::_getShortTimeZoneList();
         if (isset($tzs[$a_userdata['timezone']])) {
             // The new account is looked up again by its generated login to obtain its id.
             $usr_id = ilObjUser::_lookupId($new_name);
             ilObjUser::_writePref($usr_id, 'user_tz', $a_userdata['timezone']);
         }
     }
     return $new_name;
 }
Пример #3
 /**
  * Check whether the current user still has to be told to set a local password.
  *
  * @return bool
  */
 public function isLocalPasswordInstructionRequired()
 {
     global $ilUser;
     // A previous call already decided; reuse the cached answer.
     if (null !== $this->pwd_instruction) {
         return $this->pwd_instruction;
     }
     include_once './Services/Authentication/classes/class.ilAuthUtils.php';
     $pwv_support = ilAuthUtils::supportsLocalPasswordValidation($ilUser->getAuthMode(true));
     if ($pwv_support == ilAuthUtils::LOCAL_PWV_USER) {
         // The instruction is needed exactly when no local password is stored for the user.
         $this->pwd_instruction = (bool) (!strlen($ilUser->getPasswd()));
     } else {
         // Any other support level: no instruction.
         $this->pwd_instruction = false;
     }
     return $this->pwd_instruction;
 }
 /**
  * Check, whether password change is allowed for user
  */
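 function allowPasswordChange()
 {
     global $ilUser;
     // The decision is delegated to ilAuthUtils, keyed on the user's auth mode.
     // The former inline checks (auth mode against the *_allow_local settings, plus the
     // 'password' field visibility and 'usr_settings_disable_password') sat after this
     // return and could never run, so they were removed here.
     // NOTE(review): confirm that ilAuthUtils::isPasswordModificationEnabled() also
     // honours the visibility / disable-password settings the old code consulted.
     return ilAuthUtils::isPasswordModificationEnabled($ilUser->getAuthMode(true));
 }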
 /**
  * create new user
  *
  * @access protected
  */
 protected function createUser(ilECSUser $user)
 {
     global $ilClientIniFile, $ilSetting, $rbacadmin, $ilLog;
     // Creates a local account for a remote ECS user and returns its login name.
     $userObj = new ilObjUser();
     include_once './Services/Authentication/classes/class.ilAuthUtils.php';
     // Local login is "<abbreviation>_<remote login>", passed through _generateLogin().
     $local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin());
     $newUser = array(
         "login" => $local_user,
         "firstname" => $user->getFirstname(),
         "lastname" => $user->getLastname(),
         'email' => $user->getEmail(),
         'institution' => $user->getInstitution(),
         // Empty "plain md5" password: the account has no valid local password.
         "passwd" => "",
         "passwd_type" => IL_PASSWD_MD5,
         "auth_mode" => "ecs",
         "profile_incomplete" => 0,
     );
     // System data
     $userObj->assignData($newUser);
     $userObj->setTitle($userObj->getFullname());
     $userObj->setDescription($userObj->getEmail());
     // The user language follows the system language.
     $userObj->setLanguage($ilSetting->get("language"));
     // Limited account: valid from five seconds ago until now plus the configured
     // session expiry.
     $userObj->setTimeLimitOwner(7);
     $userObj->setTimeLimitUnlimited(0);
     $userObj->setTimeLimitFrom(time() - 5);
     $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
     // The agreement date is set to the moment of creation.
     $agreed_at = new ilDateTime(time(), IL_CAL_UNIX);
     $userObj->setAgreeDate($agreed_at->get(IL_CAL_DATETIME));
     // Persist the account and activate it.
     $userObj->setOwner(6);
     $userObj->create();
     $userObj->setActive(1);
     $userObj->updateOwner();
     $userObj->saveAsNew();
     $userObj->writePrefs();
     // A global role is assigned only when the current ECS server defines one.
     $global_role = $this->getCurrentServer()->getGlobalRole();
     if ($global_role) {
         $rbacadmin->assignUser($this->getCurrentServer()->getGlobalRole(), $userObj->getId(), true);
     }
     ilObject::_writeImportId($userObj->getId(), $user->getImportId());
     // NOTE(review): the message says "usr_id" but the value logged is the import id.
     $ilLog->write(__METHOD__ . ': Created new remote user with usr_id: ' . $user->getImportId());
     // Notification mail is disabled:
     #$this->sendNotification($userObj);
     return $userObj->getLogin();
 }
Пример #6
 /**
  * check whether external account and authentication method
  * matches with a user
  *
  * @static
  */
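 public static function _checkExternalAuthAccount($a_auth, $a_account)
 {
     // Resolves an external account to a local login.
     //   $a_auth    auth mode name compared against usr_data.auth_mode
     //   $a_account external account name
     // Returns the matching login (string) or false when no row matches.
     // All values are passed to queryF() as typed parameters, never concatenated.
     global $ilDB, $ilSetting;
     // Check directly with auth_mode.
     // Only the login column is read, as in the other three queries, so the
     // rest of the user row is not fetched just to return one field.
     $r = $ilDB->queryF("SELECT login FROM usr_data WHERE " . " ext_account = %s AND auth_mode = %s", array("text", "text"), array($a_account, $a_auth));
     if ($usr = $ilDB->fetchAssoc($r)) {
         return $usr["login"];
     }
     // For compatibility, check for login (no ext_account entry given)
     // NOTE(review): this fallback, and the last one below, match the external name
     // against the local login column; confirm that external names and local logins
     // cannot collide for accounts of this auth mode.
     $res = $ilDB->queryF("SELECT login FROM usr_data " . "WHERE login = %s AND auth_mode = %s", array("text", "text"), array($a_account, $a_auth));
     if ($usr = $ilDB->fetchAssoc($res)) {
         return $usr['login'];
     }
     // If auth_default == $a_auth => check for login
     // Accounts stored with auth_mode "default" are considered only when the system
     // default auth mode resolves to the requested mode.
     if (ilAuthUtils::_getAuthModeName($ilSetting->get('auth_mode')) == $a_auth) {
         $res = $ilDB->queryF("SELECT login FROM usr_data WHERE " . " ext_account = %s AND auth_mode = %s", array("text", "text"), array($a_account, "default"));
         if ($usr = $ilDB->fetchAssoc($res)) {
             return $usr["login"];
         }
         // Search for login (no ext_account given)
         $res = $ilDB->queryF("SELECT login FROM usr_data " . "WHERE login = %s AND (ext_account IS NULL OR ext_account = '') AND auth_mode = %s", array("text", "text"), array($a_account, "default"));
         if ($usr = $ilDB->fetchAssoc($res)) {
             return $usr["login"];
         }
     }
     return false;
 }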
 /**
  * Init user / authentication (level 2)
  */
 protected static function initUser()
 {
     global $ilias, $ilAuth, $ilUser;
     // Development aid: in an HTTP context with DEVMODE enabled, a non-empty
     // username/password pair from the query string is copied into $_POST so it is
     // handled like a submitted login form. Credentials carried in a URL are recorded
     // in access logs, browser history and Referer headers, which is why this path
     // is tied to DEVMODE.
     if (ilContext::usesHTTP() && DEVMODE && isset($_GET['username']) && strlen($_GET['username']) && isset($_GET['password']) && strlen($_GET['password'])) {
         $_POST['username'] = $_GET['username'];
         $_POST['password'] = $_GET['password'];
     }
     // Set up $ilAuth and expose it on $ilias.
     require_once "Auth/Auth.php";
     require_once "./Services/AuthShibboleth/classes/class.ilShibboleth.php";
     include_once "./Services/Authentication/classes/class.ilAuthUtils.php";
     ilAuthUtils::_initAuth();
     $ilias->auth = $ilAuth;
     // Set up $ilUser; $ilias->account is bound to it by reference.
     self::initGlobal("ilUser", "ilObjUser", "./Services/User/classes/class.ilObjUser.php");
     $ilias->account =& $ilUser;
     self::initAccessHandling();
     // Everything below only applies to a forced login (?cmd=force_login).
     // NOTE(review): the logout is triggered by a GET parameter alone; no request
     // token is checked in this method — confirm whether one is enforced elsewhere.
     if (!isset($_GET["cmd"]) || $_GET["cmd"] != "force_login") {
         return;
     }
     $ilAuth->logout();
     // Needed for the session statistics; done after every $ilAuth->logout() call
     // elsewhere as well. (Open question from the original author: could
     // session_destroy() be used instead?)
     ilSession::_destroy(session_id(), ilSession::SESSION_CLOSE_LOGIN);
     // :TODO: keep session because of cart content?
     if (isset($_GET['forceShoppingCartRedirect'])) {
         // Session data is kept; only the account id is cleared.
         ilSession::set("AccountId", "");
     } else {
         $_SESSION = array();
     }
 }
 /**
  * display settings menu
  * 
  * @access	public
  */
 function authSettingsObject()
 {
     // Renders the general authentication settings page: per-mode user counts and
     // status icons, the default-mode selection, the auth mode determination form
     // and the table mapping self-registration roles to auth modes.
     global $rbacsystem, $ilSetting;
     // NOTE(review): the rest of the method assumes raiseError() stops the request;
     // if it returns, the page is rendered for a caller without visible/read
     // permission — confirm.
     if (!$rbacsystem->checkAccess("visible,read", $this->object->getRefId())) {
         $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
     }
     $this->tabs_gui->setTabActive('authentication_settings');
     $this->setSubTabs('authSettings');
     $this->tabs_gui->setSubTabActive("auth_settings");
     $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.auth_general.html", "Services/Authentication");
     // Static labels
     $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
     $this->tpl->setVariable("TXT_AUTH_TITLE", $this->lng->txt("auth_select"));
     $this->tpl->setVariable("TXT_AUTH_MODE", $this->lng->txt("auth_mode"));
     $this->tpl->setVariable("TXT_AUTH_DEFAULT", $this->lng->txt("default"));
     $this->tpl->setVariable("TXT_AUTH_ACTIVE", $this->lng->txt("active"));
     $this->tpl->setVariable("TXT_AUTH_NUM_USERS", $this->lng->txt("num_users"));
     $this->tpl->setVariable("TXT_LOCAL", $this->lng->txt("auth_local"));
     $this->tpl->setVariable("TXT_LDAP", $this->lng->txt("auth_ldap"));
     $this->tpl->setVariable("TXT_SHIB", $this->lng->txt("auth_shib"));
     $this->tpl->setVariable("TXT_CAS", $this->lng->txt("auth_cas"));
     $this->tpl->setVariable("TXT_RADIUS", $this->lng->txt("auth_radius"));
     $this->tpl->setVariable("TXT_SCRIPT", $this->lng->txt("auth_script"));
     $this->tpl->setVariable("TXT_APACHE", $this->lng->txt("auth_apache"));
     // User counts per auth mode. For the mode that is currently the system default,
     // the users stored with auth mode "default" are added and shown in brackets.
     $auth_cnt = ilObjUser::_getNumberOfUsersPerAuthMode();
     $auth_modes = ilAuthUtils::_getAllAuthModes();
     foreach ($auth_modes as $mode => $mode_name) {
         //echo "-".$ilSetting->get('auth_mode')."-".$mode."-";
         if ($ilSetting->get('auth_mode') == $mode) {
             $this->tpl->setVariable("NUM_" . strtoupper($mode_name), (int) $auth_cnt[$mode_name] + $auth_cnt["default"] . " (" . $this->lng->txt("auth_per_default") . ": " . $auth_cnt["default"] . ")");
         } else {
             $this->tpl->setVariable("NUM_" . strtoupper($mode_name), (int) $auth_cnt[$mode_name]);
         }
     }
     $this->tpl->setVariable("TXT_CONFIGURE", $this->lng->txt("auth_configure"));
     $this->tpl->setVariable("TXT_AUTH_REMARK", $this->lng->txt("auth_remark_non_local_auth"));
     $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
     $this->tpl->setVariable("CMD_SUBMIT", "setAuthMode");
     // local vars
     // NOTE(review): $disabled and $style_disabled are not used again in this method.
     $checked = "checked=\"checked\"";
     $disabled = "disabled=\"disabled\"";
     $style_disabled = "_disabled";
     // icon handlers
     $icon_ok = "<img src=\"" . ilUtil::getImagePath("icon_ok.png") . "\" alt=\"" . $this->lng->txt("enabled") . "\" title=\"" . $this->lng->txt("enabled") . "\" border=\"0\" vspace=\"0\"/>";
     $icon_not_ok = "<img src=\"" . ilUtil::getImagePath("icon_not_ok.png") . "\" alt=\"" . $this->lng->txt("disabled") . "\" title=\"" . $this->lng->txt("disabled") . "\" border=\"0\" vspace=\"0\"/>";
     // Local authentication is always shown as active; LDAP is active when at least
     // one server is in the active list; the other modes follow their "*_active" setting.
     $this->tpl->setVariable("AUTH_LOCAL_ACTIVE", $icon_ok);
     include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
     $this->tpl->setVariable('AUTH_LDAP_ACTIVE', count(ilLDAPServer::_getActiveServerList()) ? $icon_ok : $icon_not_ok);
     #$this->tpl->setVariable("AUTH_LDAP_ACTIVE", $this->ilias->getSetting('ldap_active') ? $icon_ok : $icon_not_ok);
     $this->tpl->setVariable("AUTH_RADIUS_ACTIVE", $this->ilias->getSetting('radius_active') ? $icon_ok : $icon_not_ok);
     $this->tpl->setVariable("AUTH_SHIB_ACTIVE", $this->ilias->getSetting('shib_active') ? $icon_ok : $icon_not_ok);
     $this->tpl->setVariable("AUTH_SCRIPT_ACTIVE", $this->ilias->getSetting('script_active') ? $icon_ok : $icon_not_ok);
     $this->tpl->setVariable("AUTH_CAS_ACTIVE", $this->ilias->getSetting('cas_active') ? $icon_ok : $icon_not_ok);
     $this->tpl->setVariable("AUTH_APACHE_ACTIVE", $this->ilias->getSetting('apache_active') ? $icon_ok : $icon_not_ok);
     // alter style and disable buttons depending on current selection
     // Marks the radio button of the current default auth mode as checked.
     switch ($this->ilias->getSetting('auth_mode')) {
         case AUTH_LOCAL:
             // default
             $this->tpl->setVariable("CHK_LOCAL", $checked);
             break;
         case AUTH_LDAP:
             // LDAP
             $this->tpl->setVariable("CHK_LDAP", $checked);
             break;
         case AUTH_SHIBBOLETH:
             // SHIB
             $this->tpl->setVariable("CHK_SHIB", $checked);
             break;
         case AUTH_RADIUS:
             // RADIUS
             $this->tpl->setVariable("CHK_RADIUS", $checked);
             break;
         case AUTH_CAS:
             // CAS
             $this->tpl->setVariable("CHK_CAS", $checked);
             break;
         case AUTH_SCRIPT:
             // script
             $this->tpl->setVariable("CHK_SCRIPT", $checked);
             break;
         case AUTH_APACHE:
             // apache
             $this->tpl->setVariable("CHK_APACHE", $checked);
             break;
     }
     // auth mode determination
     if ($this->initAuthModeDetermination()) {
         $this->tpl->setVariable('TABLE_AUTH_DETERMINATION', $this->form->getHTML());
     }
     // roles table
     $this->tpl->setVariable("FORMACTION_ROLES", $this->ctrl->getFormAction($this));
     $this->tpl->setVariable("TXT_AUTH_ROLES", $this->lng->txt("auth_active_roles"));
     $this->tpl->setVariable("TXT_ROLE", $this->lng->txt("obj_role"));
     $this->tpl->setVariable("TXT_ROLE_AUTH_MODE", $this->lng->txt("auth_role_auth_mode"));
     $this->tpl->setVariable("CMD_SUBMIT_ROLES", "updateAuthRoles");
     include_once "./Services/AccessControl/classes/class.ilObjRole.php";
     $reg_roles = ilObjRole::_lookupRegisterAllowed();
     // auth mode selection
     include_once './Services/Authentication/classes/class.ilAuthUtils.php';
     $active_auth_modes = ilAuthUtils::_getActiveAuthModes();
     // One row per role returned by _lookupRegisterAllowed(), each with a select box
     // of the active auth modes that remain after the filter below.
     foreach ($reg_roles as $role) {
         foreach ($active_auth_modes as $auth_name => $auth_key) {
             // do not list auth modes with external login screen
             // even not default, because it can easily be set to
             // a non-working auth mode
             if ($auth_name == "default" || $auth_name == "cas" || $auth_name == "shibboleth" || $auth_name == 'ldap' || $auth_name == 'apache') {
                 continue;
             }
             $this->tpl->setCurrentBlock("auth_mode_selection");
             // NOTE(review): "default" is already skipped by the continue above, so the
             // first branch of this if cannot be reached inside this loop.
             if ($auth_name == 'default') {
                 $name = $this->lng->txt('auth_' . $auth_name) . " (" . $this->lng->txt('auth_' . ilAuthUtils::_getAuthModeName($auth_key)) . ")";
             } else {
                 $name = $this->lng->txt('auth_' . $auth_name);
             }
             $this->tpl->setVariable("AUTH_MODE_NAME", $name);
             $this->tpl->setVariable("AUTH_MODE", $auth_name);
             // Preselect the mode currently stored for the role.
             if ($role['auth_mode'] == $auth_name) {
                 $this->tpl->setVariable("SELECTED_AUTH_MODE", "selected=\"selected\"");
             }
             $this->tpl->parseCurrentBlock();
         }
         // END auth_mode selection
         $this->tpl->setCurrentBlock("roles");
         // NOTE(review): the role title is handed to the template as stored; whether
         // setVariable() HTML-escapes values is not visible here — confirm.
         $this->tpl->setVariable("ROLE", $role['title']);
         $this->tpl->setVariable("ROLE_ID", $role['id']);
         $this->tpl->parseCurrentBlock();
     }
 }
 /**
  * @see ilAuthContainerBase::loginObserver()
  */
 public function loginObserver($a_username, $a_auth)
 {
     // Runs after a successful CAS login (see the log line below): maps the CAS user to
     // a local ILIAS account and, when the 'cas_create_users' setting is on, creates
     // that account on first login.
     global $ilias, $rbacadmin, $ilSetting, $ilLog, $PHPCAS_CLIENT;
     $ilLog->write(__METHOD__ . ': Successful CAS login.');
     // CAS with LDAP as data source: account handling is delegated completely.
     include_once './Services/LDAP/classes/class.ilLDAPServer.php';
     if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
         return $this->handleLDAPDataSource($a_auth, $a_username);
     }
     include_once "./Services/CAS/lib/CAS.php";
     // The user name is taken from the phpCAS client, not from $a_username.
     if ($PHPCAS_CLIENT->getUser() != "") {
         $username = $PHPCAS_CLIENT->getUser();
         // NOTE(review): the next line is damaged in this listing: the argument of the
         // log call was masked ("******") and the statement is fused with an include of
         // class.ilObjUser.php. As printed it is not valid PHP; restore it from the
         // upstream file before using this method.
         $ilLog->write(__METHOD__ . ': Username: '******'./Services/User/classes/class.ilObjUser.php';
         $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
         if ($local_user != "") {
             // Known account: authenticate as the mapped local login.
             // NOTE(review): this path falls through to the final "return false" although
             // setAuth() was called, while the creation path returns true — confirm which
             // value callers expect.
             $a_auth->setAuth($local_user);
         } else {
             // Unknown account and automatic creation disabled: reject the login.
             if (!$ilSetting->get("cas_create_users")) {
                 $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
                 $a_auth->logout();
                 return false;
             }
             // Automatic creation: the login is generated from the CAS user name, also
             // used as first name, and the CAS name is stored as external account.
             $userObj = new ilObjUser();
             $local_user = ilAuthUtils::_generateLogin($username);
             $newUser["firstname"] = $local_user;
             $newUser["lastname"] = "";
             $newUser["login"] = $local_user;
             // set "plain md5" password (= no valid password)
             $newUser["passwd"] = "";
             $newUser["passwd_type"] = IL_PASSWD_MD5;
             //$newUser["gender"] = "m";
             $newUser["auth_mode"] = "cas";
             $newUser["ext_account"] = $username;
             // The profile is flagged incomplete.
             $newUser["profile_incomplete"] = 1;
             // system data
             $userObj->assignData($newUser);
             $userObj->setTitle($userObj->getFullname());
             $userObj->setDescription($userObj->getEmail());
             // set user language to system language
             $userObj->setLanguage($ilSetting->get("language"));
             // Time limit
             // Unlimited account; From/Until are both "now".
             $userObj->setTimeLimitOwner(7);
             $userObj->setTimeLimitUnlimited(1);
             $userObj->setTimeLimitFrom(time());
             $userObj->setTimeLimitUntil(time());
             // Create user in DB
             $userObj->setOwner(0);
             $userObj->create();
             $userObj->setActive(1);
             $userObj->updateOwner();
             //insert user data in table user_data
             $userObj->saveAsNew();
             // setup user preferences
             $userObj->writePrefs();
             // to do: test this
             // Every auto-created account receives the role id stored in the
             // 'cas_user_default_role' setting.
             // NOTE(review): the value is passed on without a check that it is set — confirm.
             $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
             unset($userObj);
             $a_auth->setAuth($local_user);
             return true;
         }
     } else {
         $ilLog->write(__METHOD__ . ': Login failed.');
         // This should never occur unless CAS is not configured properly
         $a_auth->status = AUTH_WRONG_LOGIN;
         return false;
     }
     return false;
 }
 /**
  * Check input, strip slashes etc. set alert, if input is not ok.
  *
  * @return	boolean		Input ok, true/false
  */
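 function checkInput()
 {
     // Validates the submitted password field (and its "_retype" twin) in $_POST and
     // sets an alert on the first failed check. Returns false on failure, otherwise the
     // result of checkSubItemsInput().
     global $lng;
     // NOTE(review): both values are rewritten by ilUtil::stripSlashes() before any
     // check; what it removes is not visible here — confirm it cannot silently change
     // the password a user typed.
     $_POST[$this->getPostVar()] = ilUtil::stripSlashes($_POST[$this->getPostVar()]);
     $_POST[$this->getPostVar() . "_retype"] = ilUtil::stripSlashes($_POST[$this->getPostVar() . "_retype"]);
     if ($this->getRequired() && trim($_POST[$this->getPostVar()]) == "") {
         $this->setAlert($lng->txt("msg_input_is_required"));
         return false;
     }
     if ($this->getValidateAuthPost() != "") {
         // The auth mode is read from another posted field named by getValidateAuthPost().
         $auth = ilAuthUtils::_getAuthMode($_POST[$this->getValidateAuthPost()]);
         // check, if password is required dependent on auth mode
         if ($this->getRequiredOnAuth() && ilAuthUtils::_allowPasswordModificationByAuthMode($auth) && trim($_POST[$this->getPostVar()]) == "") {
             $this->setAlert($lng->txt("form_password_required_for_auth"));
             return false;
         }
         // check, if password is allowed to be set for given auth mode
         if (trim($_POST[$this->getPostVar()]) != "" && !ilAuthUtils::_allowPasswordModificationByAuthMode($auth)) {
             $this->setAlert($lng->txt("form_password_not_allowed_for_auth"));
             return false;
         }
     }
     // Password and retype must be identical as strings. A loose != compares two
     // numeric-looking strings by value ("1e3" equals "1000"), which would accept a
     // retype that differs from the password; the strict comparison closes that gap.
     if ($this->getRetype() && !$this->getPreSelection() && (string) $_POST[$this->getPostVar()] !== (string) $_POST[$this->getPostVar() . "_retype"]) {
         $this->setAlert($lng->txt("passwd_not_match"));
         return false;
     }
     // Syntax check of a non-empty password; $custom_error is handed to
     // ilUtil::isPassword() and, when it comes back non-empty, shown instead of the
     // generic message.
     if (!$this->getSkipSyntaxCheck() && !ilUtil::isPassword($_POST[$this->getPostVar()], $custom_error) && $_POST[$this->getPostVar()] != "") {
         if ($custom_error != '') {
             $this->setAlert($custom_error);
         } else {
             $this->setAlert($lng->txt("passwd_invalid"));
         }
         return false;
     }
     return $this->checkSubItemsInput();
 }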
Пример #11
 /**
  * Get authentication mapping key
  * Default is ldap
  * @return string
  */
 public function getAuthenticationMappingKey()
 {
     // 'ldap' is the answer when authentication is enabled, and also when no
     // authentication mapping is configured.
     $use_ldap_key = $this->isAuthenticationEnabled() || !$this->getAuthenticationMapping();
     // Otherwise the configured mapping is translated into its auth mode name.
     return $use_ldap_key
         ? 'ldap'
         : ilAuthUtils::_getAuthModeName($this->getAuthenticationMapping());
 }
Пример #12
 /**
  * Show login form 
  * @global ilSetting $ilSetting
  * @param string $page_editor_html 
  */
 protected function showLoginForm($page_editor_html)
 {
     global $ilSetting, $lng, $tpl;
     // @todo move this to auth utils.
     // The ILIAS login form (it also serves radius and ldap) is rendered unless the
     // default auth mode is CAS, or is Shibboleth without local authentication being
     // allowed. In those cases the page HTML is returned untouched.
     $show_ilias_form = ($ilSetting->get("auth_mode") != AUTH_SHIBBOLETH || $ilSetting->get("shib_auth_allow_local")) && $ilSetting->get("auth_mode") != AUTH_CAS;
     if (!$show_ilias_form) {
         return $page_editor_html;
     }
     include_once "Services/Form/classes/class.ilPropertyFormGUI.php";
     $login_form = new ilPropertyFormGUI();
     //$login_form->setTableWidth('500');
     $login_form->setFormAction($this->ctrl->getFormAction($this, ''));
     $login_form->setName("formlogin");
     $login_form->setShowTopButtons(false);
     $login_form->setTitle($lng->txt("login_to_ilias"));
     // Auth mode selection: only when several methods exist and manual selection is on.
     include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
     $determination = ilAuthModeDetermination::_getInstance();
     if (ilAuthUtils::_hasMultipleAuthenticationMethods() && $determination->isManualSelection()) {
         $shown_options = array();
         $mode_group = new ilRadioGroupInputGUI($lng->txt("auth_selection"), "auth_mode");
         foreach (ilAuthUtils::_getMultipleAuthModeOptions($lng) as $mode_key => $mode_option) {
             // Options flagged hide_in_ui are not offered.
             if (!empty($mode_option['hide_in_ui'])) {
                 continue;
             }
             $radio = new ilRadioOption($mode_option['txt'], $mode_key);
             $mode_group->addOption($radio);
             if (isset($mode_option['checked'])) {
                 $mode_group->setValue($mode_key);
             }
             $shown_options[] = $radio;
         }
         if (count($shown_options) == 1) {
             // A single visible method needs no radio group: submit it as a hidden field.
             $only_option = current($shown_options);
             $hidden_mode = new ilHiddenInputGUI("auth_mode");
             $hidden_mode->setValue($only_option->getValue());
             $login_form->addItem($hidden_mode);
         } else {
             $login_form->addItem($mode_group);
         }
     }
     // Username field
     $username_input = new ilTextInputGUI($lng->txt("username"), "username");
     $username_input->setSize(20);
     $username_input->setRequired(true);
     $login_form->addItem($username_input);
     // Password field: no retype; the "disable HTML autocomplete" flag is set to false.
     $password_input = new ilPasswordInputGUI($lng->txt("password"), "password");
     $password_input->setRetype(false);
     $password_input->setSize(20);
     $password_input->setDisableHtmlAutoComplete(false);
     $password_input->setRequired(true);
     $login_form->addItem($password_input);
     $login_form->addCommandButton("showLogin", $lng->txt("log_in"));
     // A required captcha field is appended when captchas are active for the login.
     require_once 'Services/Captcha/classes/class.ilCaptchaUtil.php';
     if (ilCaptchaUtil::isActiveForLogin()) {
         require_once 'Services/Captcha/classes/class.ilCaptchaInputGUI.php';
         $captcha_input = new ilCaptchaInputGUI($lng->txt('captcha_code'), 'captcha_code');
         $captcha_input->setRequired(true);
         $login_form->addItem($captcha_input);
     }
     // The rendered form replaces the [list-login-form] placeholder of the page.
     return $this->substituteLoginPageElements($tpl, $page_editor_html, $login_form->getHTML(), '[list-login-form]', 'LOGIN_FORM');
 }
Пример #13
 /**
  * Does input checks and updates a user account if everything is fine.
  * @access	public
  */
 function updateObjectOld()
 {
     global $ilias, $rbacsystem, $rbacadmin, $ilUser;
     include_once './Services/Authentication/classes/class.ilAuthUtils.php';
     //load ILIAS settings
     $settings = $ilias->getAllSettings();
     // User folder
     if ($this->usrf_ref_id == USER_FOLDER_ID and !$rbacsystem->checkAccess('visible,read,write', $this->usrf_ref_id)) {
         $this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_user"), $this->ilias->error_obj->MESSAGE);
     }
     // if called from local administration $this->usrf_ref_id is category id
     // Todo: this has to be fixed. Do not mix user folder id and category id
     if ($this->usrf_ref_id != USER_FOLDER_ID) {
         // check if user is assigned to category
         if (!$rbacsystem->checkAccess('cat_administrate_users', $this->object->getTimeLimitOwner())) {
             $this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_user"), $this->ilias->error_obj->MESSAGE);
         }
     }
     foreach ($_POST["Fobject"] as $key => $val) {
         $_POST["Fobject"][$key] = ilUtil::stripSlashes($val);
     }
     // check dynamically required fields
     foreach ($settings as $key => $val) {
         $field = substr($key, 8);
         switch ($field) {
             case 'passwd':
             case 'passwd2':
                 if (ilAuthUtils::_allowPasswordModificationByAuthMode(ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode']))) {
                     $require_keys[] = $field;
                 }
                 break;
             default:
                 $require_keys[] = $field;
                 break;
         }
     }
     foreach ($require_keys as $key => $val) {
         // exclude required system and registration-only fields
         $system_fields = array("default_role");
         if (!in_array($val, $system_fields)) {
             if (isset($settings["require_" . $val]) && $settings["require_" . $val]) {
                 if (empty($_POST["Fobject"][$val])) {
                     $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields") . ": " . $this->lng->txt($val), $this->ilias->error_obj->MESSAGE);
                 }
             }
         }
     }
     if (!$this->__checkUserDefinedRequiredFields()) {
         $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"), $this->ilias->error_obj->MESSAGE);
     }
     // validate login
     if ($this->object->getLogin() != $_POST["Fobject"]["login"] && !ilUtil::isLogin($_POST["Fobject"]["login"])) {
         $this->ilias->raiseError($this->lng->txt("login_invalid"), $this->ilias->error_obj->MESSAGE);
     }
     // check loginname
     if (ilObjUser::_loginExists($_POST["Fobject"]["login"], $this->id)) {
         $this->ilias->raiseError($this->lng->txt("login_exists"), $this->ilias->error_obj->MESSAGE);
     }
     if (ilAuthUtils::_allowPasswordModificationByAuthMode(ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode']))) {
         if ($_POST['Fobject']['passwd'] == "********" and !strlen($this->object->getPasswd())) {
             $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields") . ": " . $this->lng->txt('password'), $this->ilias->error_obj->MESSAGE);
         }
         // check passwords
         if ($_POST["Fobject"]["passwd"] != $_POST["Fobject"]["passwd2"]) {
             $this->ilias->raiseError($this->lng->txt("passwd_not_match"), $this->ilias->error_obj->MESSAGE);
         }
         // validate password
         if (!ilUtil::isPassword($_POST["Fobject"]["passwd"])) {
             $this->ilias->raiseError($this->lng->txt("passwd_invalid"), $this->ilias->error_obj->MESSAGE);
         }
     } else {
         // Password will not be changed...
         $_POST['Fobject']['passwd'] = "********";
     }
     if (ilAuthUtils::_needsExternalAccountByAuthMode(ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode']))) {
         if (!strlen($_POST['Fobject']['ext_account'])) {
             $this->ilias->raiseError($this->lng->txt('ext_acccount_required'), $this->ilias->error_obj->MESSAGE);
         }
     }
     if ($_POST['Fobject']['ext_account'] && ($elogin = ilObjUser::_checkExternalAuthAccount($_POST['Fobject']['auth_mode'], $_POST['Fobject']['ext_account']))) {
         if ($elogin != $this->object->getLogin()) {
             $this->ilias->raiseError(sprintf($this->lng->txt("err_auth_ext_user_exists"), $_POST["Fobject"]["ext_account"], $_POST['Fobject']['auth_mode'], $elogin), $this->ilias->error_obj->MESSAGE);
         }
     }
     // The password type is not passed with the post data.  Therefore we
     // append it here manually.
     include_once './Services/User/classes/class.ilObjUser.php';
     $_POST["Fobject"]["passwd_type"] = IL_PASSWD_PLAIN;
     // validate email
     if (strlen($_POST['Fobject']['email']) and !ilUtil::is_email($_POST["Fobject"]["email"])) {
         $this->ilias->raiseError($this->lng->txt("email_not_valid"), $this->ilias->error_obj->MESSAGE);
     }
     $start = $this->__toUnix($_POST["time_limit"]["from"]);
     $end = $this->__toUnix($_POST["time_limit"]["until"]);
     // validate time limit
     if (!$_POST["time_limit"]["unlimited"] and $start > $end) {
         $this->ilias->raiseError($this->lng->txt("time_limit_not_valid"), $this->ilias->error_obj->MESSAGE);
     }
     if (!$this->ilias->account->getTimeLimitUnlimited()) {
         if ($start < $this->ilias->account->getTimeLimitFrom() or $end > $this->ilias->account->getTimeLimitUntil() or $_POST['time_limit']['unlimited']) {
             $_SESSION['error_post_vars'] = $_POST;
             ilUtil::sendFailure($this->lng->txt('time_limit_not_within_owners'));
             $this->editObject();
             return false;
         }
     }
     // TODO: check length of login and passwd
     // checks passed. save user
     $_POST['Fobject']['time_limit_owner'] = $this->object->getTimeLimitOwner();
     $_POST['Fobject']['time_limit_unlimited'] = (int) $_POST['time_limit']['unlimited'];
     $_POST['Fobject']['time_limit_from'] = $this->__toUnix($_POST['time_limit']['from']);
     $_POST['Fobject']['time_limit_until'] = $this->__toUnix($_POST['time_limit']['until']);
     if ($_POST['Fobject']['time_limit_unlimited'] != $this->object->getTimeLimitUnlimited() or $_POST['Fobject']['time_limit_from'] != $this->object->getTimeLimitFrom() or $_POST['Fobject']['time_limit_until'] != $this->object->getTimeLimitUntil()) {
         $_POST['Fobject']['time_limit_message'] = 0;
     } else {
         $_POST['Fobject']['time_limit_message'] = $this->object->getTimeLimitMessage();
     }
     $this->object->assignData($_POST["Fobject"]);
     $this->object->setUserDefinedData($_POST['udf']);
     try {
         $this->object->updateLogin($_POST['Fobject']['login']);
     } catch (ilUserException $e) {
         ilUtil::sendFailure($e->getMessage());
         $this->form_gui->setValuesByPost();
         return $tpl->setContent($this->form_gui->getHtml());
     }
     $this->object->setTitle($this->object->getFullname());
     $this->object->setDescription($this->object->getEmail());
     $this->object->setLanguage($_POST["Fobject"]["language"]);
     //set user skin and style
     $sknst = explode(":", $_POST["Fobject"]["skin_style"]);
     if ($this->object->getPref("style") != $sknst[1] || $this->object->getPref("skin") != $sknst[0]) {
         $this->object->setPref("skin", $sknst[0]);
         $this->object->setPref("style", $sknst[1]);
     }
     // set hits per pages
     $this->object->setPref("hits_per_page", $_POST["Fobject"]["hits_per_page"]);
     // set show users online
     $this->object->setPref("show_users_online", $_POST["Fobject"]["show_users_online"]);
     // set hide_own_online_status
     if ($_POST["Fobject"]["hide_own_online_status"]) {
         $this->object->setPref("hide_own_online_status", $_POST["Fobject"]["hide_own_online_status"]);
     } else {
         $this->object->setPref("hide_own_online_status", "n");
     }
     $this->update = $this->object->update();
     //$rbacadmin->updateDefaultRole($_POST["Fobject"]["default_role"], $this->object->getId());
     // BEGIN DiskQuota: Remember the state of the "send info mail" checkbox
     global $ilUser;
     $ilUser->setPref('send_info_mails', $_POST['send_mail'] == 'y' ? 'y' : 'n');
     $ilUser->writePrefs();
     // END DiskQuota: Remember the state of the "send info mail" checkbox
     $mail_message = $this->__sendProfileMail();
     $msg = $this->lng->txt('saved_successfully') . $mail_message;
     // feedback
     ilUtil::sendSuccess($msg, true);
     if (strtolower($_GET["baseClass"]) == 'iladministrationgui') {
         $this->ctrl->redirectByClass("ilobjuserfoldergui", "view");
     } else {
         $this->ctrl->redirectByClass('ilobjcategorygui', 'listUsers');
     }
 }
 /**
  * Return information about this client installation as an XML result set.
  *
  * The only gate visible in this method is the session check; every caller
  * with a valid session id receives the installation version, URL, session
  * lifetime and the list of active authentication methods.
  * NOTE(review): confirm that this level of disclosure is intended for every
  * session holder, since version and auth-method data help fingerprint a host.
  *
  * @param string $sid  current session id
  *
  * @return mixed XML produced by ilXMLResultSetWriter with the columns
  *               installation_id, installation_version, installation_url,
  *               installation_description, installation_language_default,
  *               installation_session_expire, installation_php_postmaxsize,
  *               authentication_methods, authentication_default_method,
  *               installation_udf_xml and installation_advmd_xml; or the
  *               value of __raiseError() when the session is invalid or the
  *               client ini file is not available
  */
 function getNIC($sid)
 {
     $this->initAuth($sid);
     $this->initIlias();
     if (!$this->__checkSession($sid)) {
         return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
     }
     global $rbacsystem, $rbacreview, $ilLog, $rbacadmin, $ilSetting, $ilClientIniFile;
     if (!is_object($ilClientIniFile)) {
         return $this->__raiseError("Client ini is not initialized", "Server");
     }

     // The first active mode is reported as the default; array_shift() removes
     // it, so the comma separated list below holds only the remaining modes.
     $active_modes = ilAuthUtils::_getActiveAuthModes();
     $default_mode_name = strtoupper(ilAuthUtils::_getAuthModeName(array_shift($active_modes)));
     $other_mode_names = array();
     foreach ($active_modes as $active_mode) {
         $other_mode_names[] = strtoupper(ilAuthUtils::_getAuthModeName($active_mode));
     }

     // Advanced meta data: collect the ids of all activated records, once each.
     include_once 'Services/AdvancedMetaData/classes/class.ilAdvancedMDRecord.php';
     include_once 'Services/AdvancedMetaData/classes/class.ilAdvancedMDRecordXMLWriter.php';
     $record_ids = array();
     foreach (ilAdvancedMDRecord::_getAssignableObjectTypes() as $obj_type) {
         foreach (ilAdvancedMDRecord::_getActivatedRecordsByObjectType($obj_type) as $md_record) {
             $record_ids[] = $md_record->getRecordId();
         }
     }
     $advmwriter = new ilAdvancedMDRecordXMLWriter(array_unique($record_ids));
     $advmwriter->write();

     // User defined fields: written for an empty user list, so only the
     // structure ends up in the XML.
     include_once "./Services/User/classes/class.ilUserXMLWriter.php";
     $udfWriter = new ilUserXMLWriter();
     $users = array();
     $udfWriter->setObjects($users);
     $udfWriter->start();

     // todo: get information from client id, read from the specified ini file
     $client_details = array(
         array(
             "installation_id" => IL_INST_ID,
             "installation_version" => ILIAS_VERSION,
             "installation_url" => ILIAS_HTTP_PATH,
             "installation_description" => $ilClientIniFile->readVariable("client", "description"),
             "installation_language_default" => $ilClientIniFile->readVariable("language", "default"),
             "installation_session_expire" => $ilClientIniFile->readVariable("session", "expire"),
             "installation_php_postmaxsize" => $this->return_bytes(ini_get("post_max_size")),
             "authentication_methods" => implode(",", $other_mode_names),
             "authentication_default_method" => $default_mode_name,
             "installation_udf_xml" => $udfWriter->getXML(),
             "installation_advmd_xml" => $advmwriter->xmlDumpMem(false),
         ),
     );

     // Wrap the single row into a result set and serialise it.
     include_once './webservice/soap/classes/class.ilXMLResultSet.php';
     $xmlResult = new ilXMLResultSet();
     $xmlResult->addArray($client_details, true);
     include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
     $xmlResultWriter = new ilXMLResultSetWriter($xmlResult);
     $xmlResultWriter->start();
     return $xmlResultWriter->getXML();
 }
 /**
  * Read the configured authentication sequence into $this->position.
  *
  * Up to five stored slots ('0' .. '4') are read in order; a stored mode is
  * kept only while its back end is active. Afterwards every active mode that
  * is still missing is appended. AUTH_LOCAL is always part of the result, so
  * local accounts stay in the sequence even when only external modes are
  * configured. Entries are appended to $this->position; the list is not
  * reset here.
  *
  * @access private
  */
 private function read()
 {
     global $ilSetting;
     $this->kind = $this->settings->get('kind', self::TYPE_MANUAL);

     // Find out which optional back ends are switched on.
     include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
     $ldap_active = ilLDAPServer::_getFirstActiveServer();
     include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
     $rad_active = ilRadiusSettings::_getInstance()->isActive();
     $soap_active = $ilSetting->get('soap_auth_active', false);
     $apache_settings = new ilSetting('apache_auth');
     $apache_active = $apache_settings->get('apache_enable_auth');

     // Walk the stored slots and keep the modes that are still active.
     foreach (range(0, 4) as $slot) {
         $auth_mode = $this->settings->get((string) $slot, 0);
         if (!$auth_mode) {
             continue;
         }
         $enabled = false;
         switch ($auth_mode) {
             case AUTH_LOCAL:
                 $enabled = true;
                 break;
             case AUTH_LDAP:
                 $enabled = $ldap_active;
                 break;
             case AUTH_RADIUS:
                 $enabled = $rad_active;
                 break;
             case AUTH_SOAP:
                 $enabled = $soap_active;
                 break;
             case AUTH_APACHE:
                 $enabled = $apache_active;
                 break;
             // begin-patch auth_plugin
             default:
                 // One entry is added per plugin that reports the mode as active.
                 foreach (ilAuthUtils::getAuthPlugins() as $pl) {
                     if ($pl->isAuthActive($auth_mode)) {
                         $this->position[] = $auth_mode;
                     }
                 }
                 break;
             // end-patch auth_plugin
         }
         if ($enabled) {
             $this->position[] = $auth_mode;
         }
     }

     // Append missing active auth modes; local authentication is unconditional.
     if (!in_array(AUTH_LOCAL, $this->position)) {
         $this->position[] = AUTH_LOCAL;
     }
     if ($ldap_active && !in_array(AUTH_LDAP, $this->position)) {
         $this->position[] = AUTH_LDAP;
     }
     if ($rad_active && !in_array(AUTH_RADIUS, $this->position)) {
         $this->position[] = AUTH_RADIUS;
     }
     if ($soap_active && !in_array(AUTH_SOAP, $this->position)) {
         $this->position[] = AUTH_SOAP;
     }
     if ($apache_active && !in_array(AUTH_APACHE, $this->position)) {
         $this->position[] = AUTH_APACHE;
     }

     // begin-patch auth_plugin
     foreach (ilAuthUtils::getAuthPlugins() as $pl) {
         foreach ($pl->getAuthIds() as $auth_id) {
             if ($pl->isAuthActive($auth_id) && !in_array($auth_id, $this->position)) {
                 $this->position[] = $auth_id;
             }
         }
     }
     // end-patch auth_plugin
 }
Пример #16
 /**
  * Tell which kind of local password validation an authentication mode supports.
  *
  * LDAP, local and RADIUS accounts yield LOCAL_PWV_FULL. Shibboleth, SOAP and
  * CAS yield LOCAL_PWV_USER only while password modification is enabled for
  * the mode, otherwise LOCAL_PWV_NO. Every other mode, including values that
  * match no known constant, yields LOCAL_PWV_USER.
  * NOTE(review): confirm that LOCAL_PWV_USER is the intended default for
  * unknown or plugin-provided modes.
  *
  * @param mixed $a_authmode one of the AUTH_* constants
  * @return mixed one of the ilAuthUtils::LOCAL_PWV_* constants
  */
 public static function supportsLocalPasswordValidation($a_authmode)
 {
     // Non-strict in_array() keeps the loose (==) matching of a switch statement.
     if (in_array($a_authmode, array(AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS))) {
         return ilAuthUtils::LOCAL_PWV_FULL;
     }
     if (in_array($a_authmode, array(AUTH_SHIBBOLETH, AUTH_SOAP, AUTH_CAS))) {
         return ilAuthUtils::isPasswordModificationEnabled($a_authmode)
             ? ilAuthUtils::LOCAL_PWV_USER
             : ilAuthUtils::LOCAL_PWV_NO;
     }
     // AUTH_ECS, AUTH_OPENID, AUTH_SCRIPT, AUTH_APACHE and anything else
     return ilAuthUtils::LOCAL_PWV_USER;
 }
Пример #17
 /**
  * Log in the user that phpCAS reports as authenticated.
  *
  * A CAS user that maps to an existing external account is authenticated as
  * that account. Otherwise a new account is created, but only when the
  * setting "cas_create_users" is set; without it the status becomes
  * AUTH_CAS_NO_ILIAS_USER and the user is logged out again. A new account
  * gets an empty password stored as IL_PASSWD_MD5 (no valid local password),
  * is activated at once and is assigned the role from the setting
  * "cas_user_default_role".
  *
  * @return void
  */
 function login()
 {
     global $ilias, $rbacadmin, $ilSetting;

     if (phpCAS::getUser() == "") {
         // This should never occur unless CAS is not configured properly
         $this->status = AUTH_WRONG_LOGIN;
         return;
     }
     $username = phpCAS::getUser();

     // Authorize this user
     include_once './Services/User/classes/class.ilObjUser.php';
     $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
     if ($local_user != "") {
         $this->setAuth($local_user);
         return;
     }

     // Unknown CAS user: provisioning must be switched on explicitly.
     if (!$ilSetting->get("cas_create_users")) {
         $this->status = AUTH_CAS_NO_ILIAS_USER;
         $this->logout();
         return;
     }

     $userObj = new ilObjUser();
     $local_user = ilAuthUtils::_generateLogin($username);
     $newUser = array(
         "firstname" => $local_user,
         "lastname" => "",
         "login" => $local_user,
         // set "plain md5" password (= no valid password)
         "passwd" => "",
         "passwd_type" => IL_PASSWD_MD5,
         "auth_mode" => "cas",
         "ext_account" => $username,
         "profile_incomplete" => 1,
     );

     // system data
     $userObj->assignData($newUser);
     $userObj->setTitle($userObj->getFullname());
     $userObj->setDescription($userObj->getEmail());
     // new accounts start with the system language
     $userObj->setLanguage($ilSetting->get("language"));

     // Time limit
     $userObj->setTimeLimitOwner(7);
     $userObj->setTimeLimitUnlimited(1);
     $userObj->setTimeLimitFrom(time());
     $userObj->setTimeLimitUntil(time());

     // Create user in DB
     $userObj->setOwner(0);
     $userObj->create();
     $userObj->setActive(1);
     $userObj->updateOwner();
     // insert user data in table user_data
     $userObj->saveAsNew();
     // setup user preferences
     $userObj->writePrefs();

     // to do: test this
     $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
     unset($userObj);
     $this->setAuth($local_user);
 }
Пример #18
 /**
  * Bootstrap the ILIAS runtime for the current request.
  *
  * In order: sanitises input, sets error reporting and the error handler,
  * loads the ini files, the database, settings, logging and HTTPS handling,
  * starts authentication, creates the global user object and finally sets up
  * style, locale, language and the ECS task scheduler. Most objects are
  * published through $GLOBALS. The statement order matters: later steps use
  * the globals created by earlier ones.
  *
  * The method also maintains the failed-login counter when the account
  * security mode is "customized" (see the comments further down).
  *
  * @param string $context not read anywhere in this method body
  * @return void returns early when returnBeforeAuth() is true; dies when the
  *              setting "setup_ok" is not set
  */
 function initIlias($context = "web")
 {
     global $ilDB, $ilUser, $ilLog, $ilErr, $ilClientIniFile, $ilIliasIniFile, $ilSetting, $ilias, $https, $ilObjDataCache, $ilLog, $objDefinition, $lng, $ilCtrl, $ilBrowser, $ilHelp, $ilTabs, $ilMainMenu, $rbacsystem, $ilNavigationHistory;
     // remove unsafe characters
     $this->removeUnsafeCharacters();
     // error reporting
     // remove notices (and, from PHP 5.3 on, deprecation messages) from error reporting
     if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
         error_reporting(ini_get("error_reporting") & ~E_NOTICE & ~E_DEPRECATED);
     } else {
         error_reporting(ini_get('error_reporting') & ~E_NOTICE);
     }
     // include common code files
     $this->requireCommonIncludes();
     global $ilBench;
     // set error handler (to do: check preconditions for error handler to work)
     $ilBench->start("Core", "HeaderInclude_GetErrorHandler");
     $ilErr = new ilErrorHandling();
     $GLOBALS['ilErr'] =& $ilErr;
     $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, 'errorHandler'));
     $ilBench->stop("Core", "HeaderInclude_GetErrorHandler");
     // prepare file access to work with safe mode (has been done in class ilias before)
     // mask 0117: files created from here on get no execute bit for owner and
     // group and no permissions at all for "other"
     umask(0117);
     // set cookie params
     $this->setCookieParams();
     // $ilIliasIniFile initialisation
     $this->initIliasIniFile();
     // CLIENT_ID determination
     $this->determineClient();
     // $ilAppEventHandler initialisation
     $this->initEventHandling();
     // $ilClientIniFile initialisation
     $this->initClientIniFile();
     // removed redirection madness the service should respond with SERVICE UNAVAILABLE
     // $ilDB initialisation
     $this->initDatabase();
     // init plugin admin class
     include_once "Services/Component/classes/class.ilPluginAdmin.php";
     $ilPluginAdmin = new ilPluginAdmin();
     $GLOBALS['ilPluginAdmin'] = $ilPluginAdmin;
     // set session handler
     $this->setSessionHandler();
     // $ilSetting initialisation
     $this->initSettings();
     // $ilLog initialisation
     $this->initLog();
     // $https initialisation
     require_once 'classes/class.ilHTTPS.php';
     $https = new ilHTTPS();
     $GLOBALS['https'] =& $https;
     $https->enableSecureCookies();
     $https->checkPort();
     // some callers need everything up to here but no authentication
     if ($this->returnBeforeAuth()) {
         return;
     }
     $ilCtrl = new ilCtrl2();
     $GLOBALS['ilCtrl'] =& $ilCtrl;
     // $ilAuth initialisation
     include_once "Services/Authentication/classes/class.ilAuthUtils.php";
     ilAuthUtils::_initAuth();
     global $ilAuth;
     $this->includePhp5Compliance();
     // Do not accept external session ids: an id that ilSession does not know
     // is replaced by a fresh one, so a client cannot choose its own session id.
     // session_regenerate_id() is called without arguments here, i.e. with its
     // default of not deleting the old session.
     if (!ilSession::_exists(session_id())) {
         // $_GET["PHPSESSID"] = "";
         session_regenerate_id();
     }
     // $ilias initialisation
     global $ilias, $ilBench;
     $ilBench->start("Core", "HeaderInclude_GetILIASObject");
     $ilias = new ILIAS();
     $GLOBALS['ilias'] =& $ilias;
     $ilBench->stop("Core", "HeaderInclude_GetILIASObject");
     // $ilObjDataCache initialisation
     $ilObjDataCache = new ilObjectDataCache();
     $GLOBALS['ilObjDataCache'] =& $ilObjDataCache;
     // workaround: load old post variables if error handler 'message' was called
     // (the whole $_POST array of this request is replaced by the stored one)
     if (isset($_SESSION["message"]) && $_SESSION["message"]) {
         $_POST = $_SESSION["post_vars"];
     }
     // put debugging functions here
     require_once "include/inc.debug.php";
     // $objDefinition initialisation
     $ilBench->start("Core", "HeaderInclude_getObjectDefinitions");
     $objDefinition = new ilObjectDefinition();
     $GLOBALS['objDefinition'] =& $objDefinition;
     // $objDefinition->startParsing();
     $ilBench->stop("Core", "HeaderInclude_getObjectDefinitions");
     // init tree
     $tree = new ilTree(ROOT_FOLDER_ID);
     $GLOBALS['tree'] =& $tree;
     // $ilAccess and $rbac... initialisation
     $this->initAccessHandling();
     // authenticate & start session
     PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, "errorHandler"));
     $ilBench->start("Core", "HeaderInclude_Authentication");
     //var_dump($_SESSION);
     ////require_once('Log.php');
     ////$ilAuth->logger = Log::singleton('error_log',PEAR_LOG_TYPE_SYSTEM,'TEST');
     ////$ilAuth->enableLogging = true;
     // authentication is not started at all when IL_PHPUNIT_TEST is defined
     if (!defined("IL_PHPUNIT_TEST")) {
         // the session id may change during start(); the shopping cart is
         // moved from the old id to the new one
         $oldSid = session_id();
         $ilAuth->start();
         $newSid = session_id();
         include_once 'Services/Payment/classes/class.ilPaymentShoppingCart.php';
         ilPaymentShoppingCart::_migrateShoppingCart($oldSid, $newSid);
     }
     //var_dump($_SESSION);
     $ilias->setAuthError($ilErr->getLastError());
     $ilBench->stop("Core", "HeaderInclude_Authentication");
     // workaround: force login
     // "&&" binds tighter than "||": the branch runs for cmd=force_login and
     // for every request to login.php.
     // NOTE(review): the session data is only cleared when the request does not
     // carry "forceShoppingCartRedirect", so this client-supplied parameter
     // decides whether the previous session content survives the logout.
     if (!empty($_GET["cmd"]) && $_GET["cmd"] == "force_login" || $this->script == "login.php") {
         $ilAuth->logout();
         if (!isset($_GET['forceShoppingCartRedirect'])) {
             $_SESSION = array();
         }
         $_SESSION["AccountId"] = "";
         $ilAuth->start();
         $ilias->setAuthError($ilErr->getLastError());
     }
     // check correct setup
     if (!$ilias->getSetting("setup_ok")) {
         die("Setup is not completed. Please run setup routine again.");
     }
     // $ilUser initialisation (1)
     $ilBench->start("Core", "HeaderInclude_getCurrentUser");
     $ilUser = new ilObjUser();
     $ilias->account =& $ilUser;
     $GLOBALS['ilUser'] =& $ilUser;
     $ilBench->stop("Core", "HeaderInclude_getCurrentUser");
     // $ilCtrl initialisation
     //$ilCtrl = new ilCtrl();
     // determine current script and up-path to main directory
     // (sets $this->script and $this->updir)
     $this->determineScriptAndUpDir();
     // $styleDefinition initialisation and style handling for login and co.
     $this->initStyle();
     if (in_array($this->script, array("login.php", "register.php", "view_usr_agreement.php")) || $_GET["baseClass"] == "ilStartUpGUI") {
         $this->handleStyle();
     }
     // init locale
     $this->initLocale();
     // handle ILIAS 2 imported users:
     // check ilias 2 password, if authentication failed
     // only if AUTH_LOCAL
     // The posted user name and password are handed to ilObjUser after
     // ilUtil::stripSlashes(); authentication is restarted when the switch to
     // the ILIAS 3 password succeeds.
     //echo "A";
     if (AUTH_CURRENT == AUTH_LOCAL && !$ilAuth->getAuth() && $this->script == "login.php" && $_POST["username"] != "") {
         if (ilObjUser::_lookupHasIlias2Password(ilUtil::stripSlashes($_POST["username"]))) {
             if (ilObjUser::_switchToIlias3Password(ilUtil::stripSlashes($_POST["username"]), ilUtil::stripSlashes($_POST["password"]))) {
                 $ilAuth->start();
                 $ilias->setAuthError($ilErr->getLastError());
                 ilUtil::redirect("index.php");
             }
         }
     }
     //
     // SUCCESSFUL AUTHENTICATION
     //
     // "&&" binds tighter than "||": the branch is taken for an empty auth
     // status with an active user, and also whenever IL_PHPUNIT_TEST is defined
     // while DEVMODE is true.
     // NOTE(review): the second alternative skips the authentication result;
     // make sure IL_PHPUNIT_TEST can never be defined on a production system.
     if ($ilAuth->getStatus() == '' && $ilias->account->isCurrentUserActive() || defined("IL_PHPUNIT_TEST") && DEVMODE) {
         //echo "C"; exit;
         $ilBench->start("Core", "HeaderInclude_getCurrentUserAccountData");
         //var_dump($_SESSION);
         // get user data
         $this->initUserAccount();
         //var_dump($_SESSION);
         // differentiate account security mode
         require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
         $security_settings = ilSecuritySettings::_getInstance();
         if ($security_settings->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) {
             // reset counter for failed logins
             ilObjUser::_resetLoginAttempts($ilUser->getId());
         }
         $ilBench->stop("Core", "HeaderInclude_getCurrentUserAccountData");
     } else {
         if (!$ilAuth->getAuth()) {
             require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
             // differentiate account security mode
             $security = ilSecuritySettings::_getInstance();
             if ($security->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) {
                 // Failed login: count the attempt against the account that owns
                 // the posted user name and set that account inactive once the
                 // configured maximum is reached. The system user is exempt and
                 // a maximum of 0 disables the lockout.
                 // NOTE(review): the counter is keyed on the user name alone, so
                 // repeated failed logins from anyone who knows a login name
                 // deactivate that account; consider alerting on lockouts and a
                 // time-based unlock.
                 if (isset($_POST['username']) && $_POST['username'] && $ilUser->getId() == 0) {
                     $username = ilUtil::stripSlashes($_POST['username']);
                     $usr_id = ilObjUser::_lookupId($username);
                     if ($usr_id != ANONYMOUS_USER_ID) {
                         ilObjUser::_incrementLoginAttempts($usr_id);
                         $login_attempts = ilObjUser::_getLoginAttempts($usr_id);
                         $max_attempts = $security->getLoginMaxAttempts();
                         if ($login_attempts >= $max_attempts && $usr_id != SYSTEM_USER_ID && $max_attempts > 0) {
                             ilObjUser::_setUserInactive($usr_id);
                         }
                     }
                 }
             }
         }
     }
     //
     // SUCCESSFUL AUTHENTICATED or NON-AUTH-AREA (Login, Registration, ...)
     //
     // $lng initialisation
     $this->initLanguage();
     // store user language in tree
     $GLOBALS['tree']->initLangCode();
     // ### AA 03.10.29 added new LocatorGUI class ###
     // when locator data array does not exist, initialise
     if (!isset($_SESSION["locator_level"])) {
         $_SESSION["locator_data"] = array();
         $_SESSION["locator_level"] = -1;
     }
     // initialise global ilias_locator object
     // ECS Tasks ($scheduler is not used again in this method)
     include_once 'Services/WebServices/ECS/classes/class.ilECSTaskScheduler.php';
     $scheduler = ilECSTaskScheduler::start();
     $ilBench->stop("Core", "HeaderInclude");
 }
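 /**
  * Validate a user data record before it is stored.
  *
  * Every problem found is added with __appendMessage(); the record is valid
  * when no message was collected. With $check_complete the required fields
  * login, passwd and email must be present, the login must not exist yet and
  * a missing user_language is filled in with the default language (the array
  * is passed by reference for that purpose). A missing or empty password is
  * accepted only for authentication modes that need an external account.
  *
  * Note: the skin/style check runs once for each of the keys user_skin and
  * user_style, so its message can be appended twice.
  *
  * @param array $user_data      field name => value, modified in place
  * @param bool  $check_complete also check required fields and login uniqueness
  * @return bool true when no validation message was collected
  */
 function __validateUserData(&$user_data, $check_complete = true)
 {
     global $lng, $styleDefinition, $ilLog;
     $this->__setMessage('');
     include_once './Services/Authentication/classes/class.ilAuthUtils.php';
     $allow_empty_password = ilAuthUtils::_needsExternalAccountByAuthMode(ilAuthUtils::_getAuthMode($user_data['auth_mode']));
     if ($check_complete) {
         if (!isset($user_data['login'])) {
             $this->__appendMessage('No login given.');
         }
         if (!isset($user_data['passwd']) and !$allow_empty_password) {
             $this->__appendMessage('No password given.');
         }
         if (!isset($user_data['email'])) {
             $this->__appendMessage('No email given');
         }
         if (!isset($user_data['user_language'])) {
             $user_data['user_language'] = $lng->getDefaultLanguage();
         }
     }
     foreach ($user_data as $field => $value) {
         switch ($field) {
             case 'login':
                 if (!ilUtil::isLogin($value)) {
                     $this->__appendMessage('Login invalid.');
                 }
                 // check loginname
                 if ($check_complete) {
                     if (ilObjUser::_loginExists($value)) {
                         $this->__appendMessage('Login already exists.');
                     }
                 }
                 break;
             case 'passwd':
                 // an empty password passes only for externally authenticated accounts
                 if (!strlen($value) and $allow_empty_password) {
                     break;
                 }
                 if (!ilUtil::isPassword($value)) {
                     $this->__appendMessage('Password invalid.');
                 }
                 break;
             case 'email':
                 if (!ilUtil::is_email($value)) {
                     $this->__appendMessage('Email invalid.');
                 }
                 break;
             case 'time_limit_unlimited':
                 if ($value != 1) {
                     // a missing bound is read as null, without an undefined-index notice
                     $limit_from = isset($user_data['time_limit_from']) ? $user_data['time_limit_from'] : null;
                     $limit_until = isset($user_data['time_limit_until']) ? $user_data['time_limit_until'] : null;
                     if ($limit_from >= $limit_until) {
                         $this->__appendMessage('Time limit invalid');
                     }
                 }
                 break;
             case 'user_language':
                 $lang_inst = $lng->getInstalledLanguages();
                 if (!in_array($user_data['user_language'], $lang_inst)) {
                     $this->__appendMessage('Language: ' . $user_data['user_language'] . ' is not installed');
                 }
                 break;
             case 'user_skin':
             case 'user_style':
                 // either key may arrive without the other one
                 $has_skin = !empty($user_data['user_skin']);
                 $has_style = !empty($user_data['user_style']);
                 if ($has_skin != $has_style) {
                     // skin and style are only valid as a pair
                     $this->__appendMessage('user_skin, user_style not valid.');
                 } elseif ($has_skin and $has_style) {
                     $ok = false;
                     $templates = $styleDefinition->getAllTemplates();
                     // is_array() first: count() on a non-countable value is an error on PHP 8
                     if (is_array($templates) && count($templates) > 0) {
                         foreach ($templates as $template) {
                             // "=& new" is a parse error from PHP 7 on; plain assignment
                             // has the same effect on PHP 5
                             $styleDef = new ilStyleDefinition($template["id"]);
                             $styleDef->startParsing();
                             $styles = $styleDef->getStyles();
                             foreach ($styles as $style) {
                                 if ($user_data['user_skin'] == $template["id"] && $user_data['user_style'] == $style["id"]) {
                                     $ok = true;
                                 }
                             }
                         }
                         if (!$ok) {
                             $this->__appendMessage('user_skin, user_style not valid.');
                         }
                     }
                 }
                 break;
             case 'time_limit_owner':
                 $type = ilObject::_lookupType($user_data['time_limit_owner'], true);
                 if ($type != 'cat' and $type != 'usrf') {
                     $this->__appendMessage('time_limit_owner must be ref_id of category or user folder' . $type);
                 }
                 break;
             default:
                 // fields without a rule are accepted as they are ("continue" inside
                 // a switch acts like "break" and triggers a warning on PHP 7.3+)
                 break;
         }
     }
     return !strlen($this->__getMessage());
 }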
 /**
  * handler for end of element when in verify mode.
  */
 function verifyEndTag($a_xml_parser, $a_name)
 {
     global $lng, $ilAccess, $ilSetting, $ilObjDataCache;
     switch ($a_name) {
         case "Role":
             $this->roles[$this->current_role_id]["name"] = $this->cdata;
             $this->roles[$this->current_role_id]["type"] = $this->current_role_type;
             $this->roles[$this->current_role_id]["action"] = $this->current_role_action;
             break;
         case "User":
             $this->userObj->setFullname();
             if ($this->user_id != -1 && $this->action == "Update") {
                 $user_exists = !is_null(ilObjUser::_lookupLogin($this->user_id));
             } else {
                 $user_exists = ilObjUser::getUserIdByLogin($this->userObj->getLogin()) != 0;
             }
             if (is_null($this->userObj->getLogin())) {
                 $this->logFailure("---", sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Login", "Insert"));
             }
             switch ($this->action) {
                 case "Insert":
                     if ($user_exists and $this->conflict_rule == IL_FAIL_ON_CONFLICT) {
                         $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_insert"));
                     }
                     if (is_null($this->userObj->getGender()) && $this->isFieldRequired("gender")) {
                         $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Gender", "Insert"));
                     }
                     if (is_null($this->userObj->getFirstname())) {
                         $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Firstname", "Insert"));
                     }
                     if (is_null($this->userObj->getLastname())) {
                         $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Lastname", "Insert"));
                     }
                     if (count($this->roles) == 0) {
                         $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Role", "Insert"));
                     } else {
                         $has_global_role = false;
                         foreach ($this->roles as $role) {
                             if ($role['type'] == 'Global') {
                                 $has_global_role = true;
                                 break;
                             }
                         }
                         if (!$has_global_role) {
                             $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_global_role_for_action_required"), "Insert"));
                         }
                     }
                     break;
                 case "Update":
                     if (!$user_exists) {
                         $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_update"));
                     } elseif ($this->user_id != -1 && !is_null($this->userObj->getLogin())) {
                         $someonesId = ilObjUser::_lookupId($this->userObj->getLogin());
                         if (is_numeric($someonesId) && $someonesId != $this->user_id) {
                             $this->logFailure($this->userObj->getLogin(), $lng->txt("usrimport_login_is_not_unique"));
                         }
                     }
                     break;
                 case "Delete":
                     if (!$user_exists) {
                         $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_delete"));
                     }
                     break;
             }
             // init role array for next user
             $this->roles = array();
             break;
         case "Login":
             if (array_key_exists($this->cdata, $this->logins)) {
                 $this->logWarning($this->cdata, $lng->txt("usrimport_login_is_not_unique"));
             } else {
                 $this->logins[$this->cdata] = $this->cdata;
             }
             $this->userObj->setLogin($this->cdata);
             break;
         case "Password":
             switch ($this->currPasswordType) {
                 case "ILIAS2":
                     $this->userObj->setPasswd($this->cdata, IL_PASSWD_CRYPT);
                     break;
                 case "ILIAS3":
                     $this->userObj->setPasswd($this->cdata, IL_PASSWD_MD5);
                     break;
                 case "PLAIN":
                     $this->userObj->setPasswd($this->cdata, IL_PASSWD_PLAIN);
                     $this->acc_mail->setUserPassword($this->currPassword);
                     break;
                 default:
                     $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_attribute_value_illegal"), "Type", "Password", $this->currPasswordType));
                     break;
             }
             break;
         case "Firstname":
             $this->userObj->setFirstname($this->cdata);
             break;
         case "Lastname":
             $this->userObj->setLastname($this->cdata);
             break;
         case "Title":
             $this->userObj->setUTitle($this->cdata);
             break;
         case "Gender":
             if ($this->cdata != "m" && $this->cdata != "f") {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Gender", $this->cdata));
             }
             $this->userObj->setGender($this->cdata);
             break;
         case "Email":
             $this->userObj->setEmail($this->cdata);
             break;
         case "Institution":
             $this->userObj->setInstitution($this->cdata);
             break;
         case "Street":
             $this->userObj->setStreet($this->cdata);
             break;
         case "City":
             $this->userObj->setCity($this->cdata);
             break;
         case "PostalCode":
             $this->userObj->setZipCode($this->cdata);
             break;
         case "Country":
             $this->userObj->setCountry($this->cdata);
             break;
         case "PhoneOffice":
             $this->userObj->setPhoneOffice($this->cdata);
             break;
         case "PhoneHome":
             $this->userObj->setPhoneHome($this->cdata);
             break;
         case "PhoneMobile":
             $this->userObj->setPhoneMobile($this->cdata);
             break;
         case "Fax":
             $this->userObj->setFax($this->cdata);
             break;
         case "Hobby":
             $this->userObj->setHobby($this->cdata);
             break;
         case "Comment":
             $this->userObj->setComment($this->cdata);
             break;
         case "Department":
             $this->userObj->setDepartment($this->cdata);
             break;
         case "Matriculation":
             $this->userObj->setMatriculation($this->cdata);
             break;
         case "ExternalAccount":
             //echo "-".$this->userObj->getAuthMode()."-".$this->userObj->getLogin()."-";
             $am = $this->userObj->getAuthMode() == "default" || $this->userObj->getAuthMode() == "" ? ilAuthUtils::_getAuthModeName($ilSetting->get('auth_mode')) : $this->userObj->getAuthMode();
             $loginForExternalAccount = trim($this->cdata) == "" ? "" : ilObjUser::_checkExternalAuthAccount($am, trim($this->cdata));
             switch ($this->action) {
                 case "Insert":
                     if ($loginForExternalAccount != "") {
                         $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_insert_ext_account_exists") . " (" . $this->cdata . ")");
                     }
                     break;
                 case "Update":
                     if ($loginForExternalAccount != "") {
                         $externalAccountHasChanged = trim($this->cdata) != ilObjUser::_lookupExternalAccount($this->user_id);
                         if ($externalAccountHasChanged && trim($loginForExternalAccount) != trim($this->userObj->getLogin())) {
                             $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_update_ext_account_exists") . " (" . $this->cdata . " for " . $loginForExternalAccount . ")");
                         }
                     }
                     break;
             }
             if ($externalAccountHasChanged) {
                 $this->userObj->setExternalAccount(trim($this->cdata));
             }
             break;
         case "Active":
             if ($this->cdata != "true" && $this->cdata != "false") {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Active", $this->cdata));
             }
             $this->currActive = $this->cdata;
             break;
         case "TimeLimitOwner":
             if (!preg_match("/\\d+/", $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
             } elseif (!$ilAccess->checkAccess('cat_administrate_users', '', $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
             } elseif ($ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($this->cdata)) != 'cat' && !(int) $this->cdata == USER_FOLDER_ID) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
             }
             $this->userObj->setTimeLimitOwner($this->cdata);
             break;
         case "TimeLimitUnlimited":
             switch (strtolower($this->cdata)) {
                 case "true":
                 case "1":
                     $this->userObj->setTimeLimitUnlimited(1);
                     break;
                 case "false":
                 case "0":
                     $this->userObj->setTimeLimitUnlimited(0);
                     break;
                 default:
                     $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUnlimited", $this->cdata));
                     break;
             }
             break;
         case "TimeLimitFrom":
             // Accept datetime or Unix timestamp
             if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitFrom", $this->cdata));
             }
             $this->userObj->setTimeLimitFrom($this->cdata);
             break;
         case "TimeLimitUntil":
             // Accept datetime or Unix timestamp
             if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUntil", $this->cdata));
             }
             $this->userObj->setTimeLimitUntil($this->cdata);
             break;
         case "TimeLimitMessage":
             switch (strtolower($this->cdata)) {
                 case "1":
                     $this->userObj->setTimeLimitMessage(1);
                     break;
                 case "0":
                     $this->userObj->setTimeLimitMessage(0);
                     break;
                 default:
                     $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitMessage", $this->cdata));
                     break;
             }
             break;
         case "ApproveDate":
             // Accept datetime or Unix timestamp
             if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "ApproveDate", $this->cdata));
             }
             break;
         case "AgreeDate":
             // Accept datetime or Unix timestamp
             if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "AgreeDate", $this->cdata));
             }
             break;
         case "iLincID":
             if (!preg_match("/\\d+/", $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincID", $this->cdata));
             }
             break;
         case "iLincUser":
             if (!preg_match("/\\w+/", $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincUser", $this->cdata));
             }
             break;
         case "iLincPasswd":
             if (!preg_match("/\\w+/", $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincPasswd", $this->cdata));
             }
             break;
         case "Pref":
             if ($this->currentPrefKey != null) {
                 $this->verifyPref($this->currentPrefKey, $this->cdata);
             }
             $this->currentPrefKey == null;
     }
 }
 /**
  * Create xml string of user according to mapping rules 
  *
  * @access private
  * 
  */
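 private function usersToXML()
 {
     // Builds one <Users> import document in $this->writer from $this->user_data
     // (keyed by external account). Entries that carry an 'ilInternalAccount'
     // become 'Update' records, all others 'Insert' records. Returns nothing.
     // NOTE(review): mapped directory values are handed to xmlElement() as-is;
     // this relies on ilXmlWriter escaping element content, which is not visible
     // here, so confirm before trusting attributes a directory user can edit.
     include_once './Services/Xml/classes/class.ilXmlWriter.php';
     // Hoisted out of the loop: both branches below need the role assignment rules.
     include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
     // Rule fields whose mapped value is written unchanged into a single element.
     $plain_elements = array(
         'firstname' => 'Firstname',
         'lastname' => 'Lastname',
         'hobby' => 'Hobby',
         'title' => 'Title',
         'institution' => 'Institution',
         'department' => 'Department',
         'street' => 'Street',
         'city' => 'City',
         'zipcode' => 'PostalCode',
         'country' => 'Country',
         'phone_office' => 'PhoneOffice',
         'phone_home' => 'PhoneHome',
         'phone_mobile' => 'PhoneMobile',
         'fax' => 'Fax',
         'email' => 'Email',
         'matriculation' => 'Matriculation',
     );
     $this->writer = new ilXmlWriter();
     $this->writer->xmlStartTag('Users');
     $cnt_update = 0;
     $cnt_create = 0;
     foreach ($this->user_data as $external_account => $user) {
         $user['ilExternalAccount'] = $external_account;
         if ($user['ilInternalAccount']) {
             // User exists: update it and re-evaluate the role assignments
             $usr_id = ilObjUser::_lookupId($user['ilInternalAccount']);
             ++$cnt_update;
             $this->writer->xmlStartTag('User', array('Id' => $usr_id, 'Action' => 'Update'));
             $this->writer->xmlElement('Login', array(), $user['ilInternalAccount']);
             $this->writer->xmlElement('ExternalAccount', array(), $external_account);
             // The key was the bare word type (an undefined constant), which newer
             // PHP versions reject; it has to be the string 'type'.
             $this->writer->xmlElement('AuthMode', array('type' => $this->getNewUserAuthMode()), null);
             $rules = $this->mapping->getRulesForUpdate();
             foreach (ilLDAPRoleAssignmentRules::getAssignmentsForUpdate($usr_id, $external_account, $user) as $role_data) {
                 $this->writer->xmlElement('Role', array('Id' => $role_data['id'], 'Type' => $role_data['type'], 'Action' => $role_data['action']), '');
             }
         } else {
             // Unknown user: create it with a generated login
             ++$cnt_create;
             $this->writer->xmlStartTag('User', array('Action' => 'Insert'));
             $this->writer->xmlElement('Login', array(), ilAuthUtils::_generateLogin($external_account));
             foreach (ilLDAPRoleAssignmentRules::getAssignmentsForCreation($external_account, $user) as $role_data) {
                 $this->writer->xmlElement('Role', array('Id' => $role_data['id'], 'Type' => $role_data['type'], 'Action' => $role_data['action']), '');
             }
             $rules = $this->mapping->getRules();
         }
         $this->writer->xmlElement('Active', array(), "true");
         $this->writer->xmlElement('TimeLimitOwner', array(), 7);
         $this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
         $this->writer->xmlElement('TimeLimitFrom', array(), time());
         $this->writer->xmlElement('TimeLimitUntil', array(), time());
         // only for new users.
         // If auth_mode is 'default' (ldap) this status should remain.
         if (!$user['ilInternalAccount']) {
             $this->writer->xmlElement('AuthMode', array('type' => $this->getNewUserAuthMode()), $this->getNewUserAuthMode());
             $this->writer->xmlElement('ExternalAccount', array(), $external_account);
         }
         foreach ($rules as $field => $data) {
             // Do Mapping: it is possible to assign multiple ldap attribute to one user data field
             $value = $this->doMapping($user, $data);
             if (!$value) {
                 continue;
             }
             $field = (string) $field;
             if (isset($plain_elements[$field])) {
                 $this->writer->xmlElement($plain_elements[$field], array(), $value);
                 continue;
             }
             if ($field === 'gender') {
                 // Everything that is not m/male is exported as 'f', as before
                 $gender = strtolower($value);
                 $this->writer->xmlElement('Gender', array(), $gender == 'm' || $gender == 'male' ? 'm' : 'f');
                 continue;
             }
             // A 'photo' (PersonalPicture) mapping is not exported.
             // Handle user defined fields. The old code used a bare "continue" inside
             // a switch, which PHP treats as "break" and warns about; plain loop
             // control flow avoids that.
             if (substr($field, 0, 4) != 'udf_') {
                 continue;
             }
             $id_data = explode('_', $field);
             if (!isset($id_data[1])) {
                 continue;
             }
             $this->initUserDefinedFields();
             $definition = $this->udf->getDefinition($id_data[1]);
             $this->writer->xmlElement('UserDefinedField', array('Id' => $definition['il_id'], 'Name' => $definition['field_name']), $value);
         }
         $this->writer->xmlEndTag('User');
     }
     if ($cnt_create) {
         $this->log->write('LDAP: Started creation of ' . $cnt_create . ' users.');
     }
     if ($cnt_update) {
         $this->log->write('LDAP: Started update of ' . $cnt_update . ' users.');
     }
     $this->writer->xmlEndTag('Users');
 }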
 /**
  * Parse authentication mode
  * @return string auth mode
  */
 private function parseAuthMode()
 {
     // 'ldap' is used when authentication is enabled in the settings or when no
     // authentication mapping is configured; otherwise the mapped mode's name.
     $use_ldap = $this->settings->isAuthenticationEnabled() || !$this->settings->getAuthenticationMapping();
     if (!$use_ldap) {
         return ilAuthUtils::_getAuthModeName($this->settings->getAuthenticationMapping());
     }
     return 'ldap';
 }
 /**
  * Called after login and successful call of fetch data
  * @return 
  * @param object $a_username
  * @param object $a_auth
  */
 public function loginObserver($a_username, $a_auth)
 {
     // Resolves the ILIAS account for a user the SOAP backend has accepted.
     // Order of attempts: (1) the local user named in $this->response, (2) an
     // existing account picked on the mapping screen and confirmed by password,
     // (3) a newly created account. Returns true once $a_auth->setAuth() was
     // called, false after $a_auth->logout().
     global $ilias, $rbacadmin, $lng, $ilSetting;
     $GLOBALS['ilLog']->write(__METHOD__ . ': SOAP login observer called');
     // TODO: handle passed credentials via GET
     /*
     if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
     {
     	$this->status = AUTH_WRONG_LOGIN;
     	return;
     }
     */
     // Not required anymore
     /*
     $validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);
     
     if (!$validation_data["valid"])
     {
     	$this->status = AUTH_WRONG_LOGIN;
     	return;
     }
     */
     // (1) the response already names a local account
     $local_user = $this->response["local_user"];
     if ($local_user != "") {
         // to do: handle update of user
         $a_auth->setAuth($local_user);
         return true;
     }
     // Without the "soap_auth_create_users" setting an unknown external user is rejected.
     if (!$ilSetting->get("soap_auth_create_users")) {
         $a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
         $a_auth->logout();
         return false;
     }
     //echo "1";
     // try to map external user via e-mail to ILIAS user
     if ($this->response["email"] != "") {
         //echo "2";
         //var_dump ($_POST);
         $email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);
         // check, if password has been provided in user mapping screen
         // (see ilStartUpGUI::showUserMappingSelection)
         // FIXME
         // NOTE(review): the $_POST keys are read without isset(), so a request
         // without them raises notices.
         if ($_POST["LoginMappedUser"] != "") {
             // NOTE(review): the only check against $email_user is that it is not
             // empty. $_POST["usr_id"] is taken from the request and is not compared
             // with the accounts found for the e-mail address, so the account that
             // gets mapped is chosen by the client. Consider rejecting ids that are
             // not in $email_user.
             if (count($email_user) > 0) {
                 $user = ilObjectFactory::getInstanceByObjId($_POST["usr_id"]);
                 require_once 'Services/User/classes/class.ilUserPasswordManager.php';
                 // NOTE(review): the password passes through ilUtil::stripSlashes()
                 // before verification; confirm this cannot alter valid passwords.
                 if (ilUserPasswordManager::getInstance()->verifyPassword($user, ilUtil::stripSlashes($_POST["password"]))) {
                     // password is correct -> map user
                     //$this->setAuth($local_user); (use login not id)
                     // NOTE(review): the external account stored here is
                     // $_GET["ext_uid"], a request parameter, not $a_username.
                     // Confirm both always denote the identity that was actually
                     // authenticated, otherwise bind $a_username instead.
                     ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
                     ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
                     // clear the request state of the mapping screen
                     $_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"] = "";
                     $local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
                     $a_auth->status = '';
                     $a_auth->setAuth($local_user);
                     return true;
                 } else {
                     //echo "6"; exit;
                     // wrong password for the selected account
                     $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
                     $a_auth->setSubStatus(AUTH_WRONG_LOGIN);
                     $a_auth->logout();
                     return false;
                 }
             }
         }
         // Accounts with this e-mail exist and the user did not ask for a new one:
         // stop with the "no user but e-mail" status.
         if (count($email_user) > 0 && $_POST["CreateUser"] == "") {
             $_GET["email"] = $this->response["email"];
             $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
             $a_auth->logout();
             return false;
         }
     }
     // (3) create a new local account from the SOAP response
     $userObj = new ilObjUser();
     $local_user = ilAuthUtils::_generateLogin($a_username);
     $newUser["firstname"] = $this->response["firstname"];
     $newUser["lastname"] = $this->response["lastname"];
     $newUser["email"] = $this->response["email"];
     $newUser["login"] = $local_user;
     // to do: set valid password and send mail
     $newUser["passwd"] = "";
     $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
     // generate password, if local authentication is allowed
     // and account mail is activated
     // NOTE(review): the generated password is kept in $pw and later handed to
     // the account mail, i.e. it can leave the system in clear text.
     $pw = "";
     if ($ilSetting->get("soap_auth_allow_local") && $ilSetting->get("soap_auth_account_mail")) {
         $pw = ilUtil::generatePasswords(1);
         $pw = $pw[0];
         $newUser["passwd"] = $pw;
         $newUser["passwd_type"] = IL_PASSWD_PLAIN;
     }
     //$newUser["gender"] = "m";
     $newUser["auth_mode"] = "soap";
     $newUser["ext_account"] = $a_username;
     $newUser["profile_incomplete"] = 1;
     // system data
     $userObj->assignData($newUser);
     $userObj->setTitle($userObj->getFullname());
     $userObj->setDescription($userObj->getEmail());
     // set user language to system language
     $userObj->setLanguage($lng->lang_default);
     // Time limit
     $userObj->setTimeLimitOwner(7);
     $userObj->setTimeLimitUnlimited(1);
     $userObj->setTimeLimitFrom(time());
     $userObj->setTimeLimitUntil(time());
     // Create user in DB
     $userObj->setOwner(0);
     $userObj->create();
     $userObj->setActive(1);
     $userObj->updateOwner();
     //insert user data in table user_data
     $userObj->saveAsNew(false);
     // setup user preferences
     $userObj->writePrefs();
     // to do: test this
     // The new account gets the role configured in "soap_auth_user_default_role".
     $rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(), true);
     // send account mail
     if ($ilSetting->get("soap_auth_account_mail")) {
         include_once './Services/User/classes/class.ilObjUserFolder.php';
         $amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
         // only send when a mail template with subject and body exists
         if (trim($amail["body"]) != "" && trim($amail["subject"]) != "") {
             include_once "Services/Mail/classes/class.ilAccountMail.php";
             $acc_mail = new ilAccountMail();
             if ($pw != "") {
                 $acc_mail->setUserPassword($pw);
             }
             $acc_mail->setUser($userObj);
             $acc_mail->send();
         }
     }
     unset($userObj);
     $a_auth->setAuth($local_user);
     return true;
 }
 /**
  * Init the auth mode determination form
  *
  * @access protected
  */
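 protected function initAuthModeDetermination()
 {
     // Builds $this->form with the captcha switch and the auth mode determination
     // settings. Returns true when the form exists (already built or built now)
     // and false when at most one auth mode is active, in which case no form is
     // created.
     if (is_object($this->form)) {
         return true;
     }
     // Are there any authentication methods that support automatic determination ?
     include_once 'Services/Authentication/classes/class.ilAuthModeDetermination.php';
     $det = ilAuthModeDetermination::_getInstance();
     if ($det->getCountActiveAuthModes() <= 1) {
         return false;
     }
     include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
     $this->form = new ilPropertyFormGUI();
     $this->form->setFormAction($this->ctrl->getFormAction($this));
     $this->form->setTableWidth('100%');
     $this->form->setTitle($this->lng->txt('auth_auth_settings'));
     $this->form->addCommandButton('updateAuthModeDetermination', $this->lng->txt('save'));
     // Captcha for the login form
     require_once 'Services/Captcha/classes/class.ilCaptchaUtil.php';
     $cap = new ilCheckboxInputGUI($this->lng->txt('adm_captcha_anonymous_short'), 'activate_captcha_anonym');
     $cap->setInfo($this->lng->txt('adm_captcha_anonymous_auth'));
     $cap->setValue(1);
     if (!ilCaptchaUtil::checkFreetype()) {
         $cap->setAlert(ilCaptchaUtil::getPreconditionsMessage());
     }
     $cap->setChecked(ilCaptchaUtil::isActiveForLogin());
     $this->form->addItem($cap);
     $header = new ilFormSectionHeaderGUI();
     $header->setTitle($this->lng->txt('auth_auth_mode_determination'));
     $this->form->addItem($header);
     // Kind of determination: chosen by the user (0) or automatic (1)
     $kind = new ilRadioGroupInputGUI($this->lng->txt('auth_kind_determination'), 'kind');
     $kind->setInfo($this->lng->txt('auth_mode_determination_info'));
     $kind->setValue($det->getKind());
     $kind->setRequired(true);
     $option_user = new ilRadioOption($this->lng->txt('auth_by_user'), 0);
     $kind->addOption($option_user);
     $option_determination = new ilRadioOption($this->lng->txt('auth_automatic'), 1);
     include_once 'Services/Authentication/classes/class.ilAuthUtils.php';
     $auth_sequenced = $det->getAuthModeSequence();
     $counter = 1;
     foreach ($auth_sequenced as $auth_mode) {
         // Reset per mode: otherwise a mode no plugin knows would show the label of
         // the previous mode, or an undefined variable on the first iteration.
         $text = '';
         switch ($auth_mode) {
             case AUTH_LDAP:
                 $text = $this->lng->txt('auth_ldap');
                 break;
             case AUTH_RADIUS:
                 $text = $this->lng->txt('auth_radius');
                 break;
             case AUTH_LOCAL:
                 $text = $this->lng->txt('auth_local');
                 break;
             case AUTH_SOAP:
                 $text = $this->lng->txt('auth_soap');
                 break;
             case AUTH_APACHE:
                 $text = $this->lng->txt('auth_apache');
                 break;
             // begin-patch auth_plugin
             default:
                 foreach (ilAuthUtils::getAuthPlugins() as $pl) {
                     $option = $pl->getMultipleAuthModeOptions($auth_mode);
                     // Only take over a label a plugin really provides, so that a
                     // later plugin without this mode cannot blank it again.
                     if (isset($option[$auth_mode]['txt'])) {
                         $text = $option[$auth_mode]['txt'];
                     }
                 }
                 break;
             // end-patch auth_plugin
         }
         // One single-character position field per auth mode, pre-filled with the
         // current sequence position
         $pos = new ilTextInputGUI($text, 'position[' . $auth_mode . ']');
         $pos->setValue($counter++);
         $pos->setSize(1);
         $pos->setMaxLength(1);
         $option_determination->addSubItem($pos);
     }
     $kind->addOption($option_determination);
     $this->form->addItem($kind);
     return true;
 }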
 /** 
  * Called from fetchData after successful login.
  *
  * @param string username
  */
 public function loginObserver($a_username, $a_auth)
 {
     // Look up the auth mode stored for the account and translate it to its id
     $account_id = ilObjUser::_lookupId($a_username);
     $auth_id = ilAuthUtils::_getAuthMode(ilObjUser::_lookupAuthMode($account_id));
     $GLOBALS['ilLog']->write(__METHOD__ . ': auth id =  ' . $auth_id);
     // Apache and local accounts always pass; any other mode passes only when
     // password modification is enabled for it.
     $is_local_or_apache = $auth_id == AUTH_APACHE || $auth_id == AUTH_LOCAL;
     if ($is_local_or_apache || ilAuthUtils::isPasswordModificationEnabled($auth_id)) {
         return true;
     }
     // Everything else is treated as a failed login
     $a_auth->status = AUTH_WRONG_LOGIN;
     $a_auth->logout();
     return false;
 }
 /**
  * create client tag
  *
  * @param ilSetting $setting
  */
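 private function __buildClient($setting)
 {
     // Writes an empty <Client> element that carries only the installation id,
     // the client id, the enabled flag and the default language.
     //
     // Deliberately nothing else is exported ("due to security reasons" in the
     // original code): the client name and description, the responsible person's
     // contact data, the settings list (mail recipients, session expiration,
     // SOAP flag, authentication methods, skins, timezone, ...), the advanced
     // meta data records and the user defined field definitions. The code that
     // produced them sat behind an unconditional return and could never run; it
     // has been removed, together with the auth mode and skin lookups that only
     // fed it (one of which used the "=& new" syntax newer PHP versions reject).
     // As before, $this->exportAdvMDDefs and $this->exportUDFDefs have no effect.
     // Re-adding any of those elements needs an access check on the caller first.
     $this->xmlStartTag("Client", array("inst_id" => $setting->get("inst_id"), "id" => $setting->clientid, "enabled" => $setting->access == 1 ? "TRUE" : "FALSE", "default_lang" => $setting->language));
     $this->xmlEndTag("Client");
 }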
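 /**
  * Try the configured authentication modes in sequence until one accepts the credentials.
  *
  * For every mode returned by ilAuthModeDetermination::getAuthModeSequence() a
  * matching container is selected, stored in $this->current_container and asked
  * to verify the credentials. A container that reports a PEAR error or a failed
  * login does not stop the loop; the next mode is tried.
  *
  * @param mixed $user passed unchanged to each container's fetchData()
  * @param mixed $pass passed unchanged to each container's fetchData()
  *
  * @return bool true as soon as one container reports success, false if none does
  */
 public function fetchData($user, $pass)
 {
     // Evaluated once; !empty() keeps the original truthiness test without raising
     // an undefined-index notice when the parameter is absent.
     // NOTE(review): this switch comes straight from the request, so the client decides
     // whether the configured sequence is bypassed in favour of the Apache container.
     // Confirm that the Apache container (or a caller) checks that Apache authentication
     // is enabled before its result is trusted.
     $force_apache = !empty($_REQUEST['force_mode_apache']);

     foreach (ilAuthModeDetermination::_getInstance()->getAuthModeSequence() as $auth_mode) {
         // Container chosen in THIS iteration. Kept local so that a mode without a
         // container can never fall through to the container of a previous mode.
         $selected = null;
         // Label used in the result log lines below (was an undefined variable before).
         $key = 'Plugin';

         if ($force_apache) {
             $key = 'Apache';
             $this->log('Container Apache: Trying new container', AUTH_LOG_DEBUG);
             include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php';
             $selected = new ilAuthContainerApache();
             $this->current_container = $selected;
             // The instance is not used in this method; the construction is kept because
             // the constructor may have side effects (TODO confirm).
             $auth = new ilAuthApache($this->current_container);
         } else {
             switch ($auth_mode) {
                 case AUTH_LDAP:
                     $key = 'LDAP';
                     $this->log('Container LDAP: Trying new container', AUTH_LOG_DEBUG);
                     include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php';
                     $selected = new ilAuthContainerLDAP();
                     break;
                 case AUTH_LOCAL:
                     $key = 'MDB2';
                     $this->log('Container MDB2: Trying new container', AUTH_LOG_DEBUG);
                     include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
                     $selected = new ilAuthContainerMDB2();
                     break;
                 case AUTH_SOAP:
                     $key = 'SOAP';
                     $this->log('Container SOAP: Trying new container', AUTH_LOG_DEBUG);
                     include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
                     $selected = new ilAuthContainerSOAP();
                     break;
                 case AUTH_RADIUS:
                     $key = 'Radius';
                     $this->log('Container Radius: Trying new container', AUTH_LOG_DEBUG);
                     include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
                     $selected = new ilAuthContainerRadius();
                     break;
                 // begin-patch auth_plugin
                 default:
                     $this->log('Container Plugin: Trying new container', AUTH_LOG_DEBUG);
                     foreach (ilAuthUtils::getAuthPlugins() as $pl) {
                         $candidate = $pl->getContainer($auth_mode);
                         if ($candidate instanceof Auth_Container) {
                             // First plugin that provides a container for this mode wins.
                             $selected = $candidate;
                             break;
                         }
                     }
                     break;
                 // end-patch auth_plugin
             }
             if ($selected === null) {
                 // No plugin handles this mode. Skip it instead of re-checking the
                 // credentials against whatever container an earlier mode left behind.
                 $this->log('Container Plugin: No container available for auth mode ' . $auth_mode, AUTH_LOG_DEBUG);
                 continue;
             }
             $this->current_container = $selected;
         }

         $this->current_container->_auth_obj = $this->_auth_obj;
         $result = $this->current_container->fetchData($user, $pass);
         if (PEAR::isError($result)) {
             $this->log('Container ' . $key . ': ' . $result->getMessage(), AUTH_LOG_ERR);
             // Do not return here, otherwise wrong configured auth modes might block ilias database authentication
         } elseif ($result == true) {
             // NOTE(review): loose comparison, so any truthy non-error return value counts
             // as a successful login. Kept for compatibility; tighten to === true once all
             // containers (including plugins) are confirmed to return a strict boolean.
             $this->log('Container ' . $key . ': Authentication successful.', AUTH_LOG_DEBUG);
             return true;
         } else {
             $this->log('Container ' . $key . ': Authentication failed.', AUTH_LOG_DEBUG);
         }
     }
     return false;
 }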